Author Moore Australia

What Does Your Auditor Have to Report to ASIC?

Did you know that your auditor has reporting obligations to the Australian Securities and Investments Commission (ASIC) beyond simply signing your audit report?



If your auditor becomes aware of certain matters during the audit, they are required to report them directly to ASIC under Regulatory Guide 34 (RG 34). These obligations exist to ensure that potential breaches of the law and risks to investors, creditors, and the public are appropriately escalated to the regulator.

For directors, audit committees, and management, understanding these obligations is important. It helps you:

  • Avoid surprises if a matter is reported to ASIC;
  • Appreciate the seriousness with which regulators view compliance; and
  • Strengthen internal systems and governance to reduce the likelihood of breaches arising.


Key Reporting Obligations

Auditors must notify ASIC of suspected contraventions of the Corporations Act 2001 and the National Consumer Credit Protection Act 2009 when auditing:

  • Companies, disclosing entities, registered schemes, corporate collective investment vehicles (CCIVs) and compliance plans of registered schemes and retail CCIVs;
  • Registrable superannuation entities (RSEs); and
  • Australian financial services (AFS) and credit licensees.


What Must Be Reported?

Auditors are required to report:

  • Significant contraventions of the law;
  • Non-significant contraventions that are unlikely to be adequately addressed by commenting on it in the auditor’s report or raising it with directors;
  • All contraventions in RSE audits, regardless of materiality or significance;
  • All contraventions of specified provisions or licence conditions for AFS and credit licensees, regardless of materiality or significance.

Examples of significant contraventions include:

  • Insolvent trading and inability to continue as a going concern;
  • Breaches of accounting or sustainability standards;
  • Modified audit or review reports;
  • Fraud by officers or employees of the entity;
  • Breach of general duties of officers and employees;
  • Composition of the board of directors;
  • Breach of the requirement to keep books and records;
  • Failure to lodge a financial or sustainability report.

ASIC considers that a suspected failure to lodge a financial or sustainability report is significant and should be reported to ASIC:

  • For listed entities or disclosing entities: if the report has not been lodged by its due date;
  • For all other entities: if the report remains outstanding 28 days after its due date.

ASIC announced that they will step up enforcement action against financial reporting misconduct, including failure to lodge financial reports, in 2026.

Auditors must also report:

  • Attempts to unduly influence, interfere with, or mislead the auditor;
  • Conflicts of interest or circumstances affecting auditor independence;
  • Their own contraventions or suspected contraventions.

Importantly, auditors must notify ASIC even if:

  • The issue comes to light outside the audit or review process; or
  • ASIC may already be aware of the conduct (e.g. through media coverage or self-reporting by the company).


Timing of Lodgement

Auditor notifications must be lodged with ASIC as soon as practicable or:

  • For most entities: reports must be lodged within 28 days.
  • For AFS and credit licensees: reports must be lodged within 7 days.


In summary

Your auditor’s responsibilities extend beyond forming an audit opinion. If issues arise that trigger a reporting obligation under RG 34, your auditor must notify ASIC, even if management or directors are already aware.


Understanding these obligations promotes open communication with your auditor and supports your organisation’s commitment to good governance and regulatory compliance.

If you have any questions or need support, we’re here to help.